36 lines
1.5 KiB
Markdown
36 lines
1.5 KiB
Markdown
# 8. Cross-cutting Concepts
|
|
|
|
Describes crosscutting concepts (practices, patterns, regulations or solution ideas). Such concepts are often related to multiple building blocks. They may include many different topics such as domain models, architecture patterns, rules for using specific technology, security, logging, and error handling.
|
|
|
|
> Pick **only** the most-needed topics for your system.
|
|
|
|
## OpenRouter API Integration
|
|
|
|
see [docs/8.1-openrouter.md](./8.1-openrouter.md) for details on how the backend integrates with OpenRouter for multi-modal AI generation, including image and video generation flows.
|
|
|
|
## DuckDB Concurrency and Storage
|
|
|
|
See [docs/8.2-duckdb.md](./8.2-duckdb.md) for details on how the backend handles concurrent access to DuckDB and manages the database file on the host filesystem.
|
|
|
|
## Security
|
|
|
|
- All API endpoints (except `/auth/login`) require a valid JWT in the `Authorization: Bearer` header.
|
|
- HTTPS enforced in production via reverse proxy (nginx or Caddy).
|
|
- Passwords stored as bcrypt hashes.
|
|
|
|
## Logging
|
|
|
|
- Structured JSON logs from FastAPI via Python `logging` + `structlog`.
|
|
- OpenTelemetry traces exported for observability.
|
|
- Log level configurable via environment variable `LOG_LEVEL`.
|
|
|
|
## Error Handling
|
|
|
|
- All API errors return a unified JSON shape: `{ "error": "<code>", "message": "<description>" }`.
|
|
- HTTP status codes follow REST conventions (400, 401, 403, 404, 422, 500).
|
|
|
|
## Configuration
|
|
|
|
- All secrets (API keys, DB path, JWT secret) loaded from environment variables or `.env` file.
|
|
- No secrets committed to source control.
|